Fwd: [NEW] security/floss

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

Fwd: [NEW] security/floss

Remi Pointel


-------- Courriel original --------
Objet: [NEW] security/floss
Date: 10-03-2018 08:52
De: Remi Pointel <[hidden email]>
À: The OpenBSD ports mailing-list <[hidden email]>

Hi,

attached is the port of floss: FireEye Labs Obfuscated String Solver.

---------------------------------
$ pkg_info floss
Information for inst:floss-1.5.0

Comment:
FireEye Labs Obfuscated String Solver

Description:
The FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static
analysis
techniques to automatically deobfuscate strings from malware binaries.
You can
use it just like strings.exe to enhance basic static analysis of unknown
binaries.
Rather than heavily protecting backdoors with hardcore packers, many
malware
authors evade heuristic detections by obfuscating only key portions of
an
executable. Often, these portions are strings and resources used to
configure
domains, files, and other artifacts of an infection. These key features
will not
show up as plaintext in output of the strings.exe utility that is
commonly used
during basic static analysis.

Maintainer: Remi Pointel <[hidden email]>

WWW: https://github.com/fireeye/flare-floss
---------------------------------

Ok?

Cheers,

Remi.

floss-1.5.0.tar.gz (2K) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Fwd: [NEW] security/floss

Ljuba Nedeljkovic
Hello,

On freshly updated -current and /usr/ports, on amd64 `make test` fails with:

===> Returning to build of floss-1.5.0                                            
===> floss-1.5.0 depends on: py-plugnplay-* -> py-plugnplay-0.5.3                  
>> Broken dependency: security/py-viv_utils non existent \
  (DEPENDS was security/py-viv_utils) in security/floss
*** Error 1 in . (/usr/ports/infrastructure/mk/bsd.port.mk:2073\
 '/usr/ports/pobj/floss-1.5.0/.dep-securit

`port-lib-depends-check` and `package` targets fail as well with the same
complaint about missing dependency.

Is `py-viv_utils` a port that is currently in development?

Cheers

On 12.03, Remi Pointel wrote:

>
>
> -------- Courriel original --------
> Objet: [NEW] security/floss
> Date: 10-03-2018 08:52
> De: Remi Pointel <[hidden email]>
> À: The OpenBSD ports mailing-list <[hidden email]>
>
> Hi,
>
> attached is the port of floss: FireEye Labs Obfuscated String Solver.
>
> ---------------------------------
> $ pkg_info floss
> Information for inst:floss-1.5.0
>
> Comment:
> FireEye Labs Obfuscated String Solver
>
> Description:
> The FireEye Labs Obfuscated String Solver (FLOSS) uses advanced static
> analysis
> techniques to automatically deobfuscate strings from malware binaries. You
> can
> use it just like strings.exe to enhance basic static analysis of unknown
> binaries.
> Rather than heavily protecting backdoors with hardcore packers, many malware
> authors evade heuristic detections by obfuscating only key portions of an
> executable. Often, these portions are strings and resources used to
> configure
> domains, files, and other artifacts of an infection. These key features will
> not
> show up as plaintext in output of the strings.exe utility that is commonly
> used
> during basic static analysis.
>
> Maintainer: Remi Pointel <[hidden email]>
>
> WWW: https://github.com/fireeye/flare-floss
> ---------------------------------
>
> Ok?
>
> Cheers,
>
> Remi.